IBM introduced a solution that combines security intelligence with big data analytics capabilities for both external cyber security threats and internal risk detection and prevention. The goal is to allow security analysts to extend their analysis well beyond typical security data and to hunt for malicious cyber activity.
Key elements of the solution include:
- Real-time correlation and anomaly detection of diverse security and network data
- High-speed querying of security intelligence data
- Flexible big data analytics across structured and unstructured data – including security, email, social media, business process, transactional, device, and other data
- Graphical front-end tool for visualizing and exploring big data
- Forensics for deep visibility into network activity
IBM cited the Depository Trust & Clearing Corporation (DTCC) as a potential beneficiary of this big data cyber analysis approach.
“As the sophistication and technological means of cyber-criminals increase, the financial industry and government need to move to a risk-based framework that incorporates the dynamic nature of the threat landscape,” said Mark Clancy, CISO, Managing Director, Technology Risk Management, DTCC. “We need to move from a world where we ‘farm’ security data and alerts with various prevention and detection tools to a situation where we actively ‘hunt’ for cyber-attackers in our networks. IBM’s Security Intelligence with Big Data solution gives us a practical way to gain visibility across our environment. We’re gaining real-time security awareness and meaningful insight into historical activity across years of diverse data.”